In a concerning development for U.S. cybersecurity, Brian Krebs has reported that the Cybersecurity and Infrastructure Agency (CISA) has inadvertently left a cache of sensitive information exposed on a public GitHub repository since at least November 2025. This repository, ominously named “Private-CISA,” has revealed plaintext passwords, SSH private keys, tokens, and other critical assets associated with the agency.
The now-removed repository was identified by Guillaume Valadon of GitGuardian, who discovered its presence through routine public code scans. After attempts to alert the repository’s owner went unanswered, Valadon reached out to Krebs for further investigation. Dispatches from the repository indicate that the standard GitHub protections against committing sensitive data had been disabled by the repository’s administrator, a serious oversight in managing cybersecurity protocols.
Testing conducted by Philippe Caturegli, founder of Seralys, confirmed that the compromised credentials allowed access to several Amazon Web Services (AWS) GovCloud accounts, providing high-level privileges. This raises critical concerns about the security measures in place and suggests a failure in basic security protocols that should prevent such data exposures.
Reports indicate that the oversight occurred under the management of Nightwing, a contractor based in Virginia engaged by CISA. Despite inquiries related to this security lapse, Nightwing has directed all questions back to CISA without providing a public commentary. This incident marks a troubling pattern of lapses at CISA, following another noteworthy security failure earlier this year when acting Director Madhu Gottumukkala uploaded sensitive government documents to ChatGPT after receiving a policy exemption allowing such use.
The implications of these security breaches can be analyzed through the lens of the MITRE ATT&CK framework, particularly regarding initial access and privilege escalation tactics. The exposure of sensitive keys and credentials provides a clear illustration of how poor configuration can lead to significant vulnerabilities, allowing adversaries to exploit mismanaged authentication protocols.
This incident serves as a stark reminder for business owners about the pressing need for stringent security practices. Cybersecurity is not just about responding to threats; it is equally about preventing vulnerabilities. Organizations must ensure adherence to best practices for managing sensitive data and enforcing protections against unauthorized access.
CISA has a critical role in safeguarding the nation’s cybersecurity infrastructure. However, these repeated missteps underscore an urgent need for improved oversight and accountability within its operations. As businesses continue to navigate a complex threat landscape, staying informed and proactive in cybersecurity measures is paramount for risk mitigation.